NEAS[.]4d14bf8feb6477dc50fddfd274179027a4248ee6c17312f89e02c2eb33c07175_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.4d14bf8feb6477dc50fddfd274179027a4248ee6c17312f89e02c2eb33c07175_JC.exe
Size

672KB
MD5

d08ed4bfcde618050008580a906c6fa7
SHA1

8dc8610d214a7a4d76c4897a034a874d662c85bb
SHA256

4d14bf8feb6477dc50fddfd274179027a4248ee6c17312f89e02c2eb33c07175
SHA512

6c40be4f7fd6a3f286a0d2f9de9954fd64ca3ddfc43dad79f01502cd3383c5f88aa6e9a39d01508a62250372f7d39857d816a967ae8795d35ad54598dfa4dd52
SSDEEP

12288:ML56XhzloThu7rpIGTv6zfkvfyi3wYOQi/F0DtTpUebj78:ML56RG03UzfkH9AYOTN0DVpjL8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4d14bf8feb6477dc50fddfd274179027a4248ee6c17312f89e02c2eb33c07175_JC.exe

Files

NEAS.4d14bf8feb6477dc50fddfd274179027a4248ee6c17312f89e02c2eb33c07175_JC.exe
.exe windows:4 windows x86

609ef8f7d06274ac249876bd1b188c1b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
ioctlsocket
WSAGetLastError
htons
bind
listen
accept
inet_ntoa
WSAStartup
connect
gethostbyname
inet_addr
__WSAFDIsSet
select
recv
send
ntohs
getsockname
gethostname
WSACleanup
socket

kernel32

LCMapStringA
FreeLibrary
GetEnvironmentVariableA
SetFileAttributesA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
MultiByteToWideChar
WritePrivateProfileStringA
GetModuleFileNameA
GetStartupInfoA
CreateProcessA
GetStdHandle
WriteFile
DeleteFileA
GetLocalTime
GetTickCount
CreateFileA
GetFileSize
ReadFile
HeapReAlloc
ExitProcess
GetCommandLineA
GetModuleHandleA
RtlZeroMemory
lstrcmpA
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
QueryDosDeviceA
lstrcpyn
IsBadReadPtr
WideCharToMultiByte
Module32Next
Module32First
VirtualFreeEx
OpenThread
WriteProcessMemory
RtlMoveMemory
IsWow64Process
GetVersion
GetLastError
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
LocalFree
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnmapViewOfFile
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
CreateThread
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetFileAttributesA
SetFilePointer
lstrcpyA
SetLastError
lstrcatA
GetTimeZoneInformation
SetErrorMode
lstrcpynA
lstrcmpiA
GlobalDeleteAtom
FlushFileBuffers
SetEndOfFile
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
ExitThread
GetSystemTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GetExitCodeProcess
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
ReadProcessMemory
GetNativeSystemInfo
CloseHandle
WaitForSingleObject
GetProcAddress
LoadLibraryA
MoveFileExA
GetTimeFormatA
GetDateFormatA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
OpenProcess
CreateEventA
OpenEventA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetClassNameA
GetSystemMetrics
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
PostMessageA
GetWindow
PtInRect
SystemParametersInfoA
GetDC
ReleaseDC
PeekMessageA
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
wsprintfA
MessageBoxA

advapi32

LookupAccountSidA
GetTokenInformation
OpenProcessToken
GetUserNameA

ole32

CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
OleRun
CLSIDFromProgID

shlwapi

PathFileExistsA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
GetClipBox
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
Escape
GetObjectA
GetStockObject
ScaleWindowExtEx

oleaut32

RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SafeArrayGetElemsize

psapi

GetProcessImageFileNameA

ntdll

RtlAdjustPrivilege
ZwUnmapViewOfSection

iphlpapi

GetAdaptersInfo

shell32

SHGetSpecialFolderPathA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

609ef8f7d06274ac249876bd1b188c1b

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

shlwapi

gdi32

oleaut32

psapi

ntdll

iphlpapi

shell32

winspool.drv

comctl32

Sections

.text Size: - Virtual size: 427KB

.rdata Size: - Virtual size: 26KB

.data Size: - Virtual size: 347KB

.vmp0 Size: - Virtual size: 308KB

.vmp1 Size: 576KB - Virtual size: 575KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: - Virtual size: 427KB

.rdata
Size: - Virtual size: 26KB

.data
Size: - Virtual size: 347KB

.vmp0
Size: - Virtual size: 308KB

.vmp1
Size: 576KB - Virtual size: 575KB

.rsrc
Size: 92KB - Virtual size: 91KB